2012 in Review: Encrypting the Web with HTTPS

As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2012 and discussing where we are in the fight for free expression, innovation, fair use, and privacy. Click here to read other blog posts in this series.

Given the alarmingexpansion of state-sponsored surveillance, it can be hard to find reasons to be optimistic about individuals' ability to avoid being watched on the web. Yet the continued rise of HTTPS is a beacon of hope for thwarting many types of surveillance, and we are pleased that the positive trend of HTTPS adoption continues apace with some big steps forward in 2012.

HTTPS encrypts the connection between your browser and a website so that your communications cannot be snooped on or altered by attackers on your local network, by your ISP, or by governments. HTTPS is not a silver bullet against all surveillance, as it does not protect against attacks that target your personal computer (such as malware), attacks that target the website you are visiting (such as a government-compelled disclosure of your web-based email), or attacks that merely aspire to determine the parties of the communication without analyzing the content. But by shutting out all parties between your computer and the web service provider from reading content, using HTTPS makes it much more difficult for attackers to spy on you.

This is why we have been hard at work on our browser extension HTTPS Everywhere (download it from our website here), which instructs your browser to use HTTPS wherever possible. While it is difficult to measure the total uptick of HTTPS in 2012, we are excited to report that the number of websites covered by HTTPS Everywhere increased from roughly 926 in January of 2012 to 4032 in December of 2012 and we gained over a million users, which we consider a big measure of success for our ongoing project to encrypt the web.

But we cannot do it alone. For HTTPS to work seamlessly, websites must enable it and turn it on for their users by default. Among large websites, Google has been a pioneer in enabling HTTPS by default: first for Gmail, then for web search for signed in users. Facebook joined the ranks in 2012 by beginning to enable HTTPS by default for everyone, a huge boon to users around the world. Along with small and medium-sized websites, we need all of the major players to step up – from CDN providers like Akamai and Amazon, to dating sites like OKCupid to Yahoo! Mail, and everyone in between. If we all work together, we can make insecure HTTP a thing of the past and help to protect users from increasingly prevalent surveillance.

Look for more projects from us to encrypt the web in 2013! In the mean time, why not celebrate the New Year by helping promote online security? Tell 5 friends about HTTPS Everywhere and post about it on your social networks. Here's a quick example tweet:

Want to really promote an encrypted web? Send this email to 5 or more friends:

Hey,

I've been using HTTPS Everywhere, a free add-on from the Electronic Frontier Foundation that encrypts your web traffic. It's really easy to install and it automatically gives you improved security when you browse the web. It's not a magic bullet (it doesn't stop all types of web surveillance), but it encrypts your communications with hundreds of websites. That gives you some protection for the info flowing between you and a website — like the text of e-mail messages you send or receive through a webmail site, the products you look at when shopping online, or which articles you read on a news site. I've been using it and I think you should too. Download it here: https://www.eff.org/https-everywhere